that was that was good and so we alright thanks everybody for coming to learn all about consuming third-party API and my name is that the korean and I work for a company called return map out where I work exclusively on an API call context I 0 and context I 0 is an API that sort of abstracts the whole layer of of integrating with a user's e-mail inbox so essentially we have it's an API for e-mail and so that's pretty much what I do day in and day out and a large part of my work on context l is helping developers integrate API and sometimes that means I get all sorts of questions all sorts of issues and happening with with the API in and I have experienced some something some some weird questions and that's town where where this talk is coming from because I feel like if we all can have a baseline of what it's like to work with third-party API and maybe we can move forward and and what is moving forward so I think that the problem is that sometimes people coming from all walks of life maybe their self taught or maybe they just never really got to work with third-party API and just to clarify to me a third-party API is sort of like a public API accessible up there for consumption like say API like Twitter or something like that so many lies the party API so we have a lot of people coming in from all walks of life maybe they've never really integrated with an API before and you get some weird questions and we we're issues happening and so there was a they involve those from moderate Richard Schneemann actually means on Twitter where he was talking about real magic in it really struck me that share and we have resources users and that cancers all of these rocks so I think that I'm not saying that there's too much magic going on and this is a bad thing and you know obviously you know it we all know how and new crud I would assume and so who wants to meet had been out all the time right out but I think that maybe there's a little bit of like at a period and sometimes you will realize like the difference between a cat and a host and how that works when they translate that into like third-party API maybe they know how to create cried and do that within your else apple when it comes to figuring out what again in a post means with someone else's API some people are like if you what's going on here story so I have a

03:08

question from a developer saying

03:10

Haiti my string I'm trying to

03:12

post but something during the

03:15

i in my string is not working can you

03:17

please take a look at it and I was like shared

03:20

industry looked right so I was like OK well

03:23

wanna looked through my logs for this particular

03:25

request and see what's happening at I saw that

03:28

he was doing get enough of those at

03:32

it looked like he was putting

03:35

the strain that he wanted a post see onto

03:38

his browser and then hitting and and that's and

03:41

get it that's not a post so is

03:44

like what how does that hampered by his there was

03:49

another guy those men also

03:52

consumer the body API and he was

03:54

putting his belief that it his API

03:56

request on his routs while which I

03:59

was like now rule

04:01

that's not where that goes

04:04

so if you're here face coming right now

04:07

they buy yourself on the back that means that

04:10

you know stuff it your way

04:12

ahead then a lot of people that have come

04:15

across on so what's on

04:18

the agenda I want to use some tools that can help you can see in the body API as good and do all the good things to and if you understand that reference you are awesome so on until at the anatomy of an API call we're gonna have to look at the HTTP status codes that what they mean because they actually have a meaning and then we can talk about working the gems and lastly we're gonna go over some tools for our debugging and testing the end worlds and do a demo was

04:57

thoughts are at so that signal in the anatomy of an API call overly Mostellers's review so this is essentially your components for an API

05:09

call you have your method which is your birth so scary again post the we update of many have URI URL or a point in this case I just made something up calls but where my slice go yeah know it's not working there all right so you know your method you're 11 point any your resource so the thing that it has access so here's an example 0 OK the point and in this particular example the resources we're trying axis about the photos then you have the verb so in this case it's a get but it can also be POST delete put enough call your method of something that you're wanting to do must be more familiar with this so so far so good many also have headers and hunters is something that goes in your call and it has information about the call by you requesting or receiving lastly you have the actual bodies so the body is a response that you get back so in this case you make a call to get photos on some end point that I would expect the response to be maybe a URL for that but I'm trying to get in typically that responsibility J. so so far so good command of the assumptions are made the assumption that you use HTTP protocol made the assumption that there's a RESTful API then also made the assumption that it's giving Jason back to not only API work but most do at these nodes are out there for public consumption out will follow this problem so now sunlight HTTP status codes your like OK

07:15

well why why should we care about each to

07:18

the status codes because the

07:20

magical thinking you so much

07:22

information in a lot of people ignoring them and

07:25

it's really beyond me why that happens so a single instance can In a nutshell so those are not arbitrary these have been established for a long time and they're sort of like agreed upon a lot of people spend a lot of time in a lot of pain over trying to figure out what the correct status code is to give back to the so they they really are important and should really not be attention to what the time to tell you so now focus on the cells because they appalling in encounter the most when you're trying to consume at the party the and so in a nutshell 100 range information all 200 range everything is cool 300 range go away mostly in any dealing with that when you're dealing with a while I 400 you messed up 500 messed up lot of people don't really realize that so 200 variance so

08:33

forgetting something and then I'm not really sure what's going on there with my slides not showing up by essentially let's skip over the 200 range because you were pretty much all good with 200 means means everything good to go this 201 Created which means you're probably trying to create some races on the API and then it works to means will create then there's also 2 0 2 which I love because essentially when you read on the spec it says I got it is not actually saying created it it's a I'd like to request Monteleoni about it right now but I so I feel like those 3 are really important when it comes to working with API is because again they have meaning to 2 means I another request I haven't done anything with so it's not saying that yes it was done is just say I got it were so 1 is saying yes definitely I created so there's like this and a difference there yeah attention to and another thing that it was really important especially if you're working with something like Web books how many of you know what what books are it very few so essentially what that means is sort of like an event listener that looks work some sort of thing that happened and then the API will notify you when that things happen when nothing happens by giving up goes back on a callback neural that you designate so you can say API I want you to let me know when this happens in the 0 where I want you to alert me so but what happens is that developers need to reply with a 200 so that we know that everything is working correctly and that we can post back and sometimes I see that developers reply with the 2 0 1 and I mean that's still find we still post back and I'm like to 1 is not the right 1 should be 200 have so anyway some 400 is what I see a lot of people have questions about which again it's your request is bad and you should feel that people don't pay attention to what that means when you go and you look at the spectrum literally means there's something wrong with your friends the request was not not performed correctly and you should not repeat the request asked if and a lot of people don't take the time to go on the like all OK well I guess I should go and look at my brain and so I think that's really important there hasn't really been an instance when someone is like handing out 400 and it wasn't their fault so again get 400 check your bronze the this problem and break again I have a really cool gift of gab have going you shall not pass to talk about 4 1 on author it's because that is that's essentially what for 1 means for 1 is 1 that you might come across a a lot when you're working with API is the work that expect some sort of authentication because what that means is hey the server is expecting you to passing credentials and credentials failed so I get I get a lot of requests for her help whenever there's a developer that's getting up for 1 in there like nobody knows potentials are right and then you like debugger and it's like 0 somebody change like somebody clearly see greater something and that's why it's right so I can be getting a for 1 check your credentials the other 1 that's kind related to the 4 1 is a 403 which I love because it reminds me of Lucille Bluth and in that episode of arrested development when like I don't understand the question and I will respond to it that's essentially what 403 it this for a theory says I understood the request and just not do anything about it because likely credentials or wrong or you don't have access to access whatever it is you're trying to get to and so that is also 1 of my favorites 403 Forbidden the the other 1 that people on are probably really familiar with that's just go ahead and employed employed by can again is far over for warming up around us people of this most people and even let developers no 404 and that's probably because if you've ever access the website and you went to a web page that doesn't exist anymore and you have for a 4 in a lot of people again sometimes contact us in

13:13

the same camp and handle the Academy for 4 on this in a check out taken out and through our logs can like policy and delete request for this resource that you're trying to access and that's what you're getting at 4 0 4 so you're getting up on some resources go back and see if maybe there's like some request not deleted that resource maybe again status codes don't like the next 1 no 1 talk about what it is it is for 1 8 I am a T P N a lot of people don't know about the status code and I like it because it shows that people are going to you it shows up that was we can have fun with HTTP status so it's

14:10

actually in April of 1998 and somebody release April Fool's joke for hypertext copy plant control protocol and it was essentially a protocol for controlling monitoring and diagnosing coffee pots so for 1 AIDS means I am a teapot so as weights of 400 that's an error right you're trying to inspect the coffee pot in you're actually inspected key so I feel like that's so also that this exists and you can actually find out there in the wild if you go to 0 . com slash teapot you can see and that they have a I have a teapot sort of landing page if I went on the inspector let's pull it up that and let's good network and then try to find this or I can just stand preserving large then refresh so I do the request 10 now I can see the request here it's in red and it's kind tiny and unfortunately I can really making this part a little bit bigger blood you can see here that I didn't get on the part in the status code was 4 1 8 and it gave me an teapot back so that's how it works Boston so sensitive that they're not the also for and the other 1 that you should take a look at it is 429 status or API limit reached and the

16:00

reason why that is really important in a lot of people ignore it is because when you're working with an API and therefore 29 and in the year exceeding you're API limit this actually happens at the other week to a developer those or did you like a sometimes when I make this call and I pass in the exact same parameters sometimes they get a response to sometimes I don't knows like hot that's a red flag whenever you making call sometimes you get a response sometimes you don't that's that's that means there's something going on there and likely it could be folly in this case it was that they were reaching their API limits so whatever they're making that call their uranium for 29 and they weren't logging it because they were expecting probably at 200 and they were expecting a response so they're essentially ignoring it and that's why sometimes is giving them is nothing and so I went back and dialogs and I was like wow you sound like thousands of 420 in the last month or so no 1 for and so I think that that's definitely 1 we have to look out for another thing to look out for it is I think a lot of operas always look for 200 and beyond have been on trying to look for or log anything other than that and sometimes you might in this case you get something like 4 29 and you're completely ignoring it because you're expecting something else and then you know what's going on so you get attention to that the and then you can to the 500 range 500

17:31

as does literally like I n is just killing them was basic response so usually you have 500 I don't freak out I just try again to figure out what's going on either certain 503 that means unavailable that means it is down OK and you don't to check it out but it would could also mean that you're being told and so I would say you started the trees that would for me the false-alarm and I be like OK what going on I'm so frail contentions assess codes they're there for a reason and they have a meaning they're not arbitrary they don't normalized OK status codes don't lie so intention to them no 1 expects you to memorize them OK this

18:25

is the suspect is the Geneva of all static and I can go and I can look for 403 Forbidden then I can go click on it I can go read what it means nobody expects you to memorize all about rate and there are other resources out there like for example HGV statuses . com that's out there it's a lot more friendly and essentially all you have to do is just like if you remember the URL you just do it should be sensors . com sessional 1 and the the that it so when I started working with API I would essentially have this open all the time so I could see later OK what the article getting money to see what that means and then after you do that after a while you start being like OK for 2 main idea and that means I'm so again time of resources out there to help you so

19:18

that's that's not about authentication so something again require authentication and some require no authentication and then some others require users to authenticate so there's like 3 layers that you can be dealing with foreign authentication that literally means that you don't have to get API you don't have to pass in any credentials to the API so a couple of those and there are examples of inorganic don't require authentication is going the the the opening in the database and the open the map and I think that I want to have some calls that requires authentication and some that don't and then the amount of the a has a lot of resources out there were you don't need to authenticate then you have a developer authentication and that essentially means and that the API was you prove you are they want you to get in the eighties so they know who you are when you're trying to develop so that means you need to get the idea the secret and then how he opened with that API depends on the API itself so maybe as want you passing and you're credentials as a parameter similarity as will want you to put that in the header there's there's really no like baseline a lot of different NPs implement this differently so you're don't want to go to the API documentation and see how they expect you to sign your request so for example I have been doing some work on a

20:45

personal project with any of API and I found exactly how they want me to do their signatures and they also provide an example so that I can follow this and exactly how I need to authenticate for about API call work so let's make some test

21:01

communal when alright it

21:09

yes I was making some testicles earlier hopefully someone did not like to make a bigger as a summary score a lot of people don't use for this is something that you have already in your terminal if you're a Unix-based terminology on windows that the antebellum something I don't know I'm not a Windows user and sorry but but if you have any Linux-based um terminal you should be able to just like start curling all day long and so I'm going to do a call to people in need it's own immediate outcome and then they want you to use S equals and then your search Sonatrach for frozen then hit enter and that gives

21:57

me Jason back so I can see that the 1st trial was frozen and 2013 probably all know that nearly linear can also see that in return to need some other titles that have frozen the title like frozen land never even heard about maybe were craft 3 the frozen at around 1 that's the Newman with that so that's an API call that doesn't require authentication as you can see it's a GDP it's I should P so let's make a call but actually requires

22:27

authentication so I'm gonna try a call to the mean of maybe I'm each GP estimates Academy and from slashed to such a man so I can memorize this already g equals to look up my key because I'm the 1 thing they did not

22:49

memorize and then ever

22:55

group neural name quotes a message for Girl Develop it if I was doing some work for and so the little but often enzyme equals true that that's than response

23:19

and this 1 was the forgot medication essentially all I did was just put in my T and that's a sign equals true that's it super basic authentication so

23:31

there are other ways that you can authenticate of you can do authentication for the user so not just for the developer itself but for the user sometimes give you need to get a user to give you permission to access their e-mail inbox their Facebook profile the answer fine as they need to an authorized so for that and you would have to do with user authentication most likely with a lot of 1 point or 2 . 0 and and this is called a wild dance and this is where you come up with a lot of 3 302 which essentially redirect you to another place so in these instances you're gonna have a user and the user's then redirected probably too like Facebook or Gmail or something and don't have to click authorized and then they're going to be redirected back to your app in all of this is actually preety complex and there are a lot of rules and the 1 thing they need to pass on so luckily there are some libraries that will help you do and then also some MPI will just go ahead and facilitate this process for use for example that it the other work on call context we have a call you can make that essentially fires off the off process and only have to do is just pass the e-mail the of the 1 that's so pretty neat and handy so let's go ahead in I test that out but before that I did wanna give book with were not indication which versus authorization so the authentication prove your you say you are authorization and make sure that you are authorized to access where is the once is also within the within the realm of all of this is known as code so every to a website you try to authenticate and grant access you see this and this little public guided says would you like to give this access to your e-mail involves or whatever called the scope it's information so you're requesting the actions that you want to do on behalf of the user and so that falls on as something that you would do through off

25:38

so let me show you something real quick with facts I have a sample on

25:44

that I think is running the and

25:48

essentially I created this app specifically to test all off with the API that I work

25:56

on and this is like super simple her role using bootstrap animals also using device and just have the registration and all I did this like throwing out I'm just using whenever I need to test all and so is not a user I would not call it the wild things and the outlook of Could I think that's not test account ch in this manner by signing in so 1 thing that I want to do is just go ahead and open up my network tab click on preserve lot so that I can start seeing what's happening so nice try authenticate I can actually see OK now was redirected here and this is where I say yes you can have access to my heart is 90 bond this eventually I redirected back to my and what I find plays really helpful is just looking at a hold the request this can be a little bit like involves to read when you can essentially find exactly where the redirect sigh happening so you can see what's happening in what's going on so here I can see like elements like all bacteria to you OK this is where I sent to the user were to microsoft and then after that and I can see other requests like for example this is where the user logged in as you can see it was gangs of 3 2 you can see everything that's happening there and 1 thing that also find useful whenever it when I was trying to learn a lot and how of word was does do a right-click on this slide and then just a copy all as far or HDP oxide in an uncertain and create a text file say as far with content yeah that's the 1 I want OK so I just call this test is gonna open on my desktop in terms it

28:08

that's part of their so now if I open this in the text editor of my choice I can see a

28:16

whole lot of all of those calls and I found this really useful to see exactly what's happening in each step of the whole process it's kind wants to read but you can just do a quick search like I want to go and find 1 the redirects just type 302 hopefully she take me to a place where there's an actual 302 happening you get the idea so I found that really useful to just like preserve love download that love a see what's happening without a lot process the cruel so now we did that let's take a look at some tools productivity so this man is a tool that I absolutely love whenever you're working with API here and going to try to do a test call to Twitter and in this case and then using off 1 .

29:06

0 up to authenticate so the 1st thing that you wanna you for example is take a

29:12

look to the Twitter API actually

29:15

and here had to go and get an API key and 1 thing about this is that I'm showing all this for example purposes but typically you don't wanna ever Sharia create receiver with anybody and so if that ever happens just generate new secret and so be careful with your API credentials so here I have my consumer Key and all that stuff and when I don't look

29:38

at the stocks for twitter alot of APS are super helpful in this way so so that I wanted to do this call is called I want to do I was reviews results show it's going in the information on my user so that angle here and in the office signature generator selects them about trying to work on and then it's going to generate this

30:01

for me so you can see my cancer rity of thalamic secret again can say what it is and then do get off signature

30:09

and then it generates all those parts for me as an example of how to properly and do a signature to dedicate with Twitter so I know that's really involving that's a lot to do so

30:23

post man really simplifies all this process so here and just to clarify prismatic is like a Chrome extension on steroids so you can come to and i is essentially just like a browser and it does a lot of these things and so when you're in the builder part of the week after you can put in all of those things and actually generate everything that you need to sign a request so in this example I pass I select all of 1 . 0 which is what we're told and wanted hadronic I secret and then post them automatically is going to generate a timestamp for me and generate an arms and non essentially means it's a number used once in a sort of like a unique identifier for that call that can only be used once you can't just like put in a random string of numbers that you actually have to generate the non so I find this man really helpful I in in this whole like process to try get a quick call out there so I'm just gonna go ahead and click on and request and you keep your eyes on the times and you will see that and the non really see that you'll see that it generates a new 1 so now and it sends its actually gonna give me their response so you can see here everything that I would get back in the great thing about this man is that it also keeps your history so if I ever want to go back and see how the end this call I can go those men and if your senior history and not the meaning and you can go and click on that and see exactly everything the past and how you make that call so that super helpful when you're still it's trying to learn an API and work that so I will post man at some other things that it has on the page

32:12

feature you can have teams meeting had environment variables so you don't have to like put in the same things over and over again so and that's a paid here but but I think that you don't even with the free interior so lost of leading up from post Madison amazing act highly recommend the use that

32:31

so now looking we made a call that segment chance so I think while developers start off by saying hey own work this is the island the sea there's a agenda for that and they miss out on this whole idea why actually making calls to the API themselves so they can like skip stepped in the go straight to the abstraction and I feel like I should spend some time making some calls to the API girl or POS managers do not it's like a game of ping-pong just get started there's see what you get you get familiar with the API before you start working on a Jan it's getting so much easier once you get to that point where you're ready to start developing with the gendered self if you spend some time making some test calls and so how would you choose an official API wrapper for whatever API you want pretty easy you prepare you probably already know this value while for official libraries you wanna look for these a whole lot of maintaining errors that's been updated recently blob blog we all know this but what happens in the libraries viewable what happens in the library that's out they're kind of stocks and so as an example we had to throw money under the bus but let's take a look at Instagram z

33:49

official Denver instance semantic API and you can see already it's Facebook archive and you see the last time that this was worked on was a month ago so and then Israel value of this property is not to be maintained crap when I go into this knowledge that have here an example of an API Client those looking at and I was like the this is not my needs and this is just poorly documented also not very well maintained Our maintained often and

34:19

so I was like you have no the still myself so

34:24

you can create your own young rapper if we already know how to make calls against the API all you need is just the most regions that API in all you need for that is a it should be client and there's a time that you can choose from there's ACT party which is my favorite there's Verde and there's no 1 college to keep down then there's also there may be 1 that promotes Konstantin that's that http there is a great presentation here that you can take a look out that's linked from my slides that goes into comparing all this it should be quite if you wanna go down the rabbit hole be my guest end all HTTP clients can built on top of these 3 libraries so there's no should impede as content HTTP client and then there's also upward trend which uses liberal and other libraries are essentially repres of all of this so if she party as a wrapper for narration GP Verde a wrapper for an HDP ex-con and patron it actually lets you select an HTTP the gender is just a layer of annotation of ACT pieces actually another yet another rapid so you know what delivered a research on the gender you select because all these genomes there wrapping another library on top of an undue things like we tried calls and you may not be expecting that so you know I'm going to a little research into which library users which are the library and for your project so I was in demo using each departing create your own wrapper but unfortunately and almost at a time so if any of you want to see that the company later I'm happy to give you a tutorial on not work by on Twitter again happier that you through that so I know that in my example of a crazy to say like OK well I'm going to use say is she party which is a wrapper of Medici DP to create my own wrapper it's like in Section over here on you can see my dear tenants who should be from so just yeah i is 1 thing to keep in mind I so 1 thing that I wanna show you out with the 2 minutes that left is some tools to help you

36:45

actually like work in the money API as and so 1 tool that I use a lot is called request essentially request that is a sort of temporary pocket where you can throw at it should appear responses so whenever you need to test like another an endpoint you can create a request then which is essentially again after bucket and this is the rural that gives you and you can use that as to try to capture other requests they come and so for example here I set up a request then on my e-mail address so at any time they get an e-mail and get a pose that notification in here you can see how that was my notification that this was this was an e-mail from a central about Conf identification for that on my request than the other 1 I wanna show you is the market in which

37:34

essentially words very similarly to request and so I want you as a new idea in your computer go on twitter and tweet at and my user name is easy way i

37:47

c o r r e a so I Sample welcome my e-mail that looks for e-mails from Twitter and any time that I don't know from Twitter is going to do my web book so if any of you Tweet at me or favorite something that I do on Twitter and they get an e-mail notification I'm going to see that

38:06

right here on market and so I'm just gonna fool somebody uh so like something and winter with who OK so I can see here and essentially what mapping is doing is that it's it's sort of like working asked an endpoint of spreading those requests and I find this super helpful especially when working with what holds so I can actually see the response I get back from the server is allowed in the i don't always document actually replies in from the and so if you ever need to know exactly what you're getting back from the server go to market then create and then use that as the end point and then magic happens when you refresh 1 more time before we're done the event any other art so that's the a hands if you have any questions talk to me out in the hallway track thank if the if you have 1 is

Inhaltliche Metadaten

Just like there’s an app for that, there’s an API for that! But not all APIs are created equal, and some APIs are harder to work with than others. In this talk, I will walk through some common gotchas developers encounter when consuming a 3rd party API. I will explain why it’s important to familiarize yourself with the API you’re consuming prior to coding, as well as share tools to help you get acquainted with an API much faster. Lastly, I will go over debugging and testing the API you’re consuming, because testing is not just for the provider of the API!